Google to boost users' privacy

SOME DIGITAL FINGERPRINTS WILL BE ERASED

Google, the world's largest search engine, is dramatically changing the way it treats personal information.

After years of criticism that its data-collection practices put the privacy of hundreds of millions of people at risk, Google said Wednesday that it will take steps to erase an individual's digital fingerprints from its colossal databases.

The goal: to make sure the billions of Internet searches stored in Google's digital vaults cannot be used by the government or any other third party to identify a specific person years after the original query was tapped out on a keyboard.

"We are disconnecting the search query from a specific individual," said Nicole Wong, deputy general counsel at Google.

Google announced Wednesday that it is developing a process to make anonymous all search logs that are between 18 months and 24 months old. The time period will ultimately depend on legal requirements, which are currently in flux around the globe.
For instance, members of the European Union are considering laws that would require telecommunications and Internet companies to store digital data for periods ranging from six months to two years.A similar bill has been introduced in Congress by Rep. Lamar Smith, a Texas Republican.

Wong said Google is trying to strike a balance between retaining data needed by its researchers, providing more transparency to users and abiding by legal requirements.

Advertisement

Law enforcement agencies are pushing for mandatory retention because the data can sometimes be useful in criminal investigations.

Public concern about this issue exploded last year after AOL published the searches of about 658,000 of its users on a public Web site as part of an effort to share data with researchers. News organizations were able to use the searches to identify individuals.

In August, the Mercury News showed how an Internet search conducted on the three major search engines - Google, Microsoft and Yahoo - could be available to government investigators or legal adversaries. (AOL uses Google's search technology.)

At the time, all three companies declined to provide details about the personal data they were storing, including how long they were retaining it and how often it was requested by third parties.

Google said it reversed its policy after talking with numerous privacy stakeholders, including U.S. privacy advocates and European regulators.

Technically, what Google will do is lop off the final eight bits of an IP address - the string of numbers that identifies a particular computer to a server. It will also make cookies anonymous. Cookies are bits of code that Google places on its users' computers in order to identify them to Google's own servers.

Privacy advocates in the United States and Europe praised Google's announcement as a step in the right direction, though some said they would like to see a shorter retention period followed by complete erasure of personal information.

"I think if you ask the average person, `Do you want people to know what you type into Google?' they would mostly emphatically say no," said Kurt Opsahl, an attorney with the Electronic Frontier Foundation.

Peter Norvig, Google's engineering director, said the historical search data has allowed Google to continually improve its search technology to the benefit of its users.

He said the search logs are closely guarded inside the company and that only a small number of people get access to them "on a need to know basis."